Wireshark-dev: Re: [Wireshark-dev] SRTP dissection

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 21 Jun 2006 19:40:27 +0200 (CEST)

Sounds good to me. Keep in mind that key exchange is out of band so it has
to be a flexible interface to get that info into the dissector.


On Wed, 21 Jun 2006, Neil Piercy wrote:

> I've started looking at adding SRTP dissection to wireshark - anyone
> else already doing this ?
> The way I'm heading at present is to add it on the side of RTP/RTCP
> dissection (in the same files) as it really modifies the payload only,
> and has no signalling of its presence in the header (only out of band
> signalling such as MGCP, and it needs the same hooks into other
> protocols such as MGCP to do this as RTP does).
> I'm planning on doing phases:-
> a) ensure RTP doesnt try to pass on the encrypted payload to the payload
> dissectors, and RTCP doesnt try to dissect it (pretty easy & almost done)
> b) add auth support (slightly harder, but not much)
> c) add decryption support if the key exchange is captured by e.g. SDP or
> via a user preference (like SSL support for this)
> d) add signalling support to any protocols which support SRTP key exchange
> Anyone got any strong opinions on whether this is a good or bad design
> way to go ?
> Neil